NSE7 Free Practice Test

Examine the following traffic log; then answer the question below.
date-20xx-02-01 time=19:52:01 devname=master device_id="xxxxxxx" log_id=0100020007 type=event subtype=system pri critical vd=root service=kemel status=failure msg="NAT port is exhausted."
What does the log mean?

1. A. There is not enough available memory in the system to create a new entry in the NAT port table.
2. B. The limit for the maximum number of simultaneous sessions sharing the same NAT port has been reached.
3. C. FortiGate does not have any available NAT port for a new connection.
4. D. The limit for the maximum number of entries in the NAT port table has been reached.

Correct Answer: B

Examine the output from the ‘diagnose vpn tunnel list’ command shown in the exhibit; then answer the question below.

Which command can be used to sniffer the ESP traffic for the VPN DialUP_0?

1. A. diagnose sniffer packet any ‘port 500’
2. B. diagnose sniffer packet any ‘esp’
3. C. diagnose sniffer packet any ‘host 10.0.10.10’
4. D. diagnose sniffer packet any ‘port 4500’

Correct Answer: B

An administrator cannot connect to the GIU of a FortiGate unit with the IP address 10.0.1.254. The administrator runs the debug flow while attempting the connection using HTTP. The output of the debug flow is shown in the exhibit:

Based on the error displayed by the debug flow, which are valid reasons for this problem? (Choose two.)

1. A. HTTP administrative access is disabled in the FortiGate interface with the IP address 10.0.1.254.
2. B. Redirection of HTTP to HTTPS administrative access is disabled.
3. C. HTTP administrative access is configured with a port number different than 80.
4. D. The packet is denied because of reverse path forwarding check.

Correct Answer: AC

A FortiGate device has the following LDAP configuration:

The administrator executed the ‘dsquery’ command in the Windows LDAp server 10.0.1.10, and got the following output:
>dsquery user –samid administrator
“CN=Administrator, CN=Users, DC=trainingAD, DC=training, DC=lab” Based on the output, what FortiGate LDAP setting is configured incorrectly?

1. A. cnid.
2. B. username.
3. C. password.
4. D. dn.

Correct Answer: A

An administrator has configured a FortiGate device with two VDOMs: root and internal. The administrator has also created and inter-VDOM link that connects both VDOMs. The objective is to have each VDOM advertise some routes to the other VDOM via OSPF through the inter-VDOM link. What OSPF configuration settings must match in both VDOMs to have the OSPF adjacency successfully forming? (Choose three.)

1. A. Router ID.
2. B. OSPF interface area.
3. C. OSPF interface cost.
4. D. OSPF interface MTU.
5. E. Interface subnet mask.

Correct Answer: BDE